From 1037b685eb9986da46255a6525244e3e3d9dee98 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Wed, 16 Oct 2019 10:08:33 -0600
Subject: [PATCH] Make sure we don't go past the end of the string when out of
 range.

---
 lib/util/strtonum.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/lib/util/strtonum.c b/lib/util/strtonum.c
index 2198d9a6a..df099d1fc 100644
--- a/lib/util/strtonum.c
+++ b/lib/util/strtonum.c
@@ -109,12 +109,16 @@ sudo_strtonumx(const char *str, long long minval, long long maxval, char **endp,
 		break;
 	    ch -= '0';
 	    if (result < lastval || (result == lastval && ch > remainder)) {
+		/* Skip remaining digits. */
+		do {
+		    ch = *cp++;
+		} while (isdigit(ch));
 		errval = STN_TOOSMALL;
 		break;
 	    } else {
-		errval = STN_VALID;
 		result *= 10;
 		result -= ch;
+		errval = STN_VALID;
 	    }
 	}
 	if (result > maxval)
@@ -127,12 +131,16 @@ sudo_strtonumx(const char *str, long long minval, long long maxval, char **endp,
 		break;
 	    ch -= '0';
 	    if (result > lastval || (result == lastval && ch > remainder)) {
+		/* Skip remaining digits. */
+		do {
+		    ch = *cp++;
+		} while (isdigit(ch));
 		errval = STN_TOOBIG;
 		break;
 	    } else {
-		errval = STN_VALID;
 		result *= 10;
 		result += ch;
+		errval = STN_VALID;
 	    }
 	}
 	if (result < minval)
@@ -153,20 +161,12 @@ done:
 	    *errstrp = N_("invalid value");
 	break;
     case STN_TOOSMALL:
-	/* Skip remaining digits. */
-	do {
-	    ch = *cp++;
-	} while (isdigit(ch));
 	result = 0;
 	errno = ERANGE;
 	if (errstrp != NULL)
 	    *errstrp = N_("value too small");
 	break;
     case STN_TOOBIG:
-	/* Skip remaining digits. */
-	do {
-	    ch = *cp++;
-	} while (isdigit(ch));
 	result = 0;
 	errno = ERANGE;
 	if (errstrp != NULL)